漏洞标题
N/A
漏洞描述信息
kcheckpass将用户提供的参数传递给pam_start函数,通常在setuid环境中实现,这允许本地用户调用任何已配置的PAM栈,并通过任意有效的PAM服务名称触发 unintended side effects,与CVE-2011-4122不同。注意: vendor表示,结果的权限升级可能性可能“有些夸张”。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
kcheckpass pam_start函数授权问题漏洞
漏洞描述信息
kcheckpass中存在漏洞,该漏洞源于kcheckpass经常在setuid环境中向pam_start函数传递用户提供的论证。本地用户可利用该漏洞调用任意配置PAM栈,可能借助任意有效PAM服务器名称触发无意识的副作用。
CVSS信息
N/A
漏洞类别
授权问题